Security flaw in online UK visa
This flaw means that the details of 50,000 people may have been available online and that is a potential treasure trove for identity thieves and terrorists, reports Vijay Dutt.world Updated: May 20, 2007 03:04 IST
An exclusive Channel 4 exposure of an alleged security flaw in Internet visa applications to the British High Commission in India has reportedly caused ripples in the Foreign Office.
This flaw means that the details of 50,000 people may have been available online and that is a potential treasure trove for identity thieves and terrorists. So far there has not been a hint of any radical coming from India but there is the possibility of identity theft by radicals.
The TV channel claimed that the personal details of thousands of people wanting to travel to the UK online was unsecured and available to anyone who simply altered a website address.
After the revelation, the Foreign Office posted a notice on May 17, saying that the VFS Global Ltd provides an on-line application system for UK visa applicants in India, Russia and Nigeria. Due to a technical problem the VFS online application system is currently unavailable. Customers applying for visas in these countries should contact their nearest visa application system for information.
Lord Triesman reacting to the reported breach said, "Security is paramount in our visa system. We will conduct an immediate thorough and independent investigation into this reported breach of one of our commercial partners' systems. The VFS website application service has been shut down.”
It is well known that a large number of people in India apply s for entry to the UK. Not all do it online but last year nearly 50,000 did, including one Sanjib Mitra from Bangalore.
In April last year he had trouble with his application and in trying to sort things out, he discovered that he could access all the other applications that had been made online. Visa processing in India has been outsourced out for some years now by the Foreign Office to a private Indian company, VFS Global.
The TV report said that in a blog last week Sanjib Mitra revealed how he had checked and found the loophole was still there. He said that he emailed the company last year, and heard nothing. Concerned, he alerted specialist computer security journalist Davey Winder who investigated the breach.
Having determined the information was still vulnerable, and succeeded in getting VFS Global to secure the database, Winder contacted Channel 4 News. No one knows if anyone has stolen the personal data that was so freely available.
First Published: May 20, 2007 03:00 IST